<?php
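	// Login handler: checks the POSTed account/password against LoginUser,
	// populates the session (uid, shopid, flag) and redirects by role.
	require('Model/mysql.php');
	require('host_config.php');
	session_start();
	// NOTE(review): keep display_errors off in production so database errors
	// raised below are logged rather than rendered on the login page.
	error_reporting(E_ALL);
	$mysql = new MySQL();
	$link = $mysql->connect($mysql_host, $mysql_user, $mysql_passwd, $mysql_db);

	// Accept only scalar string fields; a missing key or an array-valued
	// parameter (account[]=x) is treated as an empty credential.
	$raw_account = (isset($_POST["account"]) && is_string($_POST["account"])) ? $_POST["account"] : '';
	$raw_password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : '';

	// real() is presumably the wrapper's SQL escaping helper (confirm in
	// Model/mysql.php). Prepared statements would be preferable if the
	// wrapper offers them.
	$account = (string) $mysql->real($raw_account);
	$password = (string) $mysql->real($raw_password);

	// Stored hashes are sha1(<escaped password> . "\n"); the scheme is kept so
	// existing accounts still verify.
	// NOTE(review): unsalted SHA-1 is not a password hash. Plan a migration to
	// password_hash()/password_verify(), rehashing each account on its next
	// successful login.
	$sha1_pass = sha1($password . "\x0a");

	// Empty credentials can never authenticate, so skip the lookup entirely.
	$row = null;
	if ($account !== '' && $password !== '') {
		$sql = "SELECT `loginid`, `account`, `password`, `flag`, `shopname` FROM `LoginUser` WHERE `account` = '$account' AND `password` = '$sha1_pass'";
		$row = $mysql->query_row($sql, $link);
	}

	// Strict string comparison plus hash_equals(): loose == treats numeric-looking
	// strings such as "0e1" and "0e2" as equal, and is not constant-time.
	$authenticated = !empty($row)
		&& isset($row[1], $row[2])
		&& $account === (string) $row[1]
		&& hash_equals((string) $row[2], $sha1_pass);

	if ($authenticated) {
		// Issue a fresh session id at the privilege change so an id planted
		// before login (session fixation) does not become an authenticated one.
		session_regenerate_id(true);
		$_SESSION['uid'] = $row[0];

		// shopname comes from the database, but it is still data: escape it
		// before building the next query to avoid second-order SQL injection.
		$shopname = (string) $mysql->real((string) $row[4]);
		$sql = "SELECT shopid FROM Shops WHERE fullname = '$shopname'";
		$rows = $mysql->query_row($sql, $link);

		// No matching shop (or an empty id) is recorded as shopid 0.
		$_SESSION["shopid"] = empty($rows[0]) ? 0 : $rows[0];
		$_SESSION["flag"] = $row[3];

		// Route by role: superusers (flag 2) go to super/select.php, regular
		// users (flag 1) go to used/select.php, anything else back to login.
		$flag = (string) $row[3];
		if ($flag === '2') {
			header("location:super/select.php");
		} else if ($flag === '1') {
			// URL-encode the id so the value cannot alter the query string.
			$shopid = rawurlencode((string) $_SESSION['shopid']);
			header("location:used/select.php?id=$shopid");
		} else {
			// NOTE(review): the session already carries uid/flag at this point
			// even though the user is sent back to login — confirm downstream
			// pages check flag and not just the presence of uid.
			header("location:used/login.php");
		}
		// Stop here so nothing further runs or is emitted after the redirect.
		exit;
	} else {
		// Same message for unknown account and wrong password, so the response
		// does not reveal which accounts exist.
		echo "<script language='javascript'>";
		echo "alert('account and password error, please check again!');";
		echo "history.back();";
		echo "</script>";
	}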
?>
